Buffer Overread Vulnerabilities in PHP Could Lead to Crashes or Memory Disclosure
CVE-2024-11233
8.2 HIGH
What is CVE-2024-11233?
A vulnerability exists in the PHP programming language due to an error in the convert.quoted-printable-decode stream filter, affecting versions prior to 8.1.31, 8.2.26, and 8.3.14. The flaw allows an attacker to induce a buffer overread of a single byte, which can lead to unexpected behavior, including application crashes or the potential disclosure of sensitive data from adjacent memory regions. The severity of this vulnerability underscores the necessity for developers and system administrators to upgrade to the latest patched versions of PHP to mitigate the associated memory-safety risks.
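The two things a defender wants from this advisory are (a) whether a given PHP build falls in the affected ranges and (b) whether their code actually uses the named filter, so that patching can be prioritised. The following Python script is an added example, not part of the advisory or of PHP itself: it encodes the fixed versions stated above, classifies version strings as reported by `php -v`, and scans PHP source for references to the `convert.quoted-printable-decode` filter. The sample PHP source is constructed for the demonstration, and the filter-use patterns (stream_filter_append() calls and php://filter URLs) are the usual places the filter name appears, not an exhaustive list.

```python
import re
from typing import Optional

# Fixed versions stated in the advisory: releases on each branch
# before these are affected (CVE-2024-11233).
FIXED_VERSIONS = {
    (8, 1): (8, 1, 31),
    (8, 2): (8, 2, 26),
    (8, 3): (8, 3, 14),
}


def parse_version(text: str) -> tuple:
    """Extract the first major.minor.patch triple from a version string,
    e.g. 'PHP 8.2.25 (cli) (built: ...)' -> (8, 2, 25)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> Optional[bool]:
    """True if the PHP version predates the fix on its branch, False if it
    is at or beyond the fix, None if the branch is not one the advisory
    lists (e.g. an end-of-life 8.0 build or a newer 8.4 branch), in which
    case the version alone does not answer the question."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


# Matches the filter name wherever it appears: stream_filter_append(),
# stream_filter_prepend(), or a php://filter/... URL. It does not match
# the standalone quoted_printable_decode() function, which is a separate
# API and not the filter this advisory names.
FILTER_PATTERN = re.compile(r"convert\.quoted-printable-decode")


def find_filter_uses(source: str, filename: str = "<input>") -> list:
    """Return (filename, line_number, stripped_line) for every line of
    PHP source that references the affected stream filter."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if FILTER_PATTERN.search(line):
            hits.append((filename, lineno, line.strip()))
    return hits


# Constructed sample PHP source for the demonstration (not from any real
# project); lines 3 and 4 use the filter, line 5 uses the unrelated function.
SAMPLE_PHP = """<?php
$fp = fopen('php://temp', 'r+');
stream_filter_append($fp, 'convert.quoted-printable-decode', STREAM_FILTER_READ);
$data = file_get_contents('php://filter/read=convert.quoted-printable-decode/resource=mail.txt');
$plain = quoted_printable_decode($raw); // function, not the stream filter
"""

if __name__ == "__main__":
    for v in ["PHP 8.1.30 (cli)", "8.2.26", "8.3.13", "8.4.1"]:
        print(v, "->", is_affected(v))
    for hit in find_filter_uses(SAMPLE_PHP, "sample.php"):
        print("%s:%d: %s" % hit)
```

In practice you would feed `is_affected()` the output of `php -v` from each host and `find_filter_uses()` the contents of each `.php` file in a deployment; a host that is affected and has at least one hit is the one to patch first, while a host with no hits still needs the upgrade because vendored libraries may load the filter through code the scan did not see.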
Affected Version(s)
PHP 8.1.* < 8.1.31
PHP 8.2.* < 8.2.26
PHP 8.3.* < 8.3.14